| ID |
CVE-2006-2221
|
| Summary |
A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.1_1 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitrock_installer.log temporary file. NOTE: it is possible that this vulnerability is present in other products that use this installer. This vulnerability is addressed in the following product releases:
Process-one, ejabberd, 1.1.1_2
BitRock, Install Builder, 3.7.0 |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:bitrock:install_builder:*:*:*:*:*:*:*:*
cpe:2.3:a:bitrock:install_builder:*:*:*:*:*:*:*:*
-
cpe:2.3:a:process-one:ejabberd:1.1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:process-one:ejabberd:1.1.1.0:*:*:*:*:*:*:*
-
cpe:2.3:a:process-one:ejabberd:0.9:*:*:*:*:*:*:*
cpe:2.3:a:process-one:ejabberd:0.9:*:*:*:*:*:*:*
-
cpe:2.3:a:process-one:ejabberd:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:process-one:ejabberd:0.9.1:*:*:*:*:*:*:*
-
cpe:2.3:a:process-one:ejabberd:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:process-one:ejabberd:0.9.8:*:*:*:*:*:*:*
-
cpe:2.3:a:process-one:ejabberd:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:process-one:ejabberd:1.0.0:*:*:*:*:*:*:*
-
cpe:2.3:a:process-one:ejabberd:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:process-one:ejabberd:1.1.0:*:*:*:*:*:*:*
-
cpe:2.3:a:process-one:ejabberd:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:process-one:ejabberd:1.1.1:*:*:*:*:*:*:*
-
cpe:2.3:a:process-one:ejabberd:1.1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:process-one:ejabberd:1.1.1.1:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 2.1 (as of 18-10-2018 - 16:38) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| LOCAL |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
NONE |
PARTIAL |
|
| cvss-vector
via4
|
AV:L/AC:L/Au:N/C:N/I:N/A:P
|
| refmap
via4
|
| bid | 17804 | | bugtraq | - 20060502 Ejabberd : Symlink vulnerability during installation process
- 20060503 Re: Ejabberd : Symlink vulnerability during installation process
| | osvdb | 25215 | | secunia | | | vupen | - ADV-2006-1642
- ADV-2006-1659
| | xf | - ejabberd-bitrockinstaller-symlink(26221)
- installbuilder-bitrockinstaller-symlink(26261)
|
|
| Last major update |
18-10-2018 - 16:38 |
| Published |
05-05-2006 - 19:02 |
| Last modified |
18-10-2018 - 16:38 |
